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CLAIMS : 

What is claimed: 




A method in a data processing system for managing 
5 datX attributes, the method comprising the steps of: 

egistering attributes with a PKCS9 gateway class, 
whereirkthe attributes include user-defined attributes 
and PKCS -Standard (Public Key Cryptography Standards) 
defined attributes ; and 

associafSs^vely storing an identifier for each of said 
attributes . 



The method ofv claim 1 further comprising: 
calling a firsts, object-oriented method in the PKCS9 
15 gateway class, where i\ the first object-oriented method 
receives a parameter comprising an object identifier for 
an attribute- 



20 



The method of claim 2 fVrther comprising: 
searching an attribute mapping data structure using 
the object identifier in the received parameter; 

in response to a determination of a matching object 
identifier in the attribute mapping, data structure, 
retrieving a class identifier associktively stored with 
2 5 the matching object identifier in the Attribute mapping 
data structure; and 

calling a second object-oriented method in a class 
identified by the retrieved class identifier. 



30 X. A method in a data processing system for managing 
data attributes, the method comprising the steps\of: 
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\ invoking a first object-oriented method to process 
an attribute object, wherein the first object-oriented 
methock is defined in an abstract class for attribute 
objects ^ith a subclass for undefined attributes and a 
5 subclass \or defined attributes, wherein the subclass for 
defined attributes is further comprised of a subclass for 
each PKCS-defdned (Public Key Cryptography Standards) 
attribute and ia subclass for each user-defined attribute; 
invoking a\second object-oriented method to process 
10 an attribute object, wherein the second object-oriented 
method is defined \n a PKCS9 gateway class; and 

in response toNinvoking the first object-oriented 
method or the second (object-oriented method, processing 
the result returned by\the first object-oriented method 
15 or the second object-oriented method. 

5. The method of claim 4 \ where a PKCS compatible 
attribute is a unique object\ identifier and value, as 
defined by the Abstract Syntax. Notation (ASN.l) for the 

20 X.500 Attribute type. \ 

6. The method of claim 4, whereinNeach defined attribute 
is implemented as a separate class. \ 

25 7. The method of claim 4, wherein eack defined attribute 
is registered with the PKCS 9 gateway class. 

8. The method of claim 7, wherein PKCS-defiined attributes 
are registered statically with the PKCS 9 gateway class. 

30 \ 

9. The method of claim 7, wherein the user-defined 
attributes are registered with the PKCS 9 gateway class by 
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reading a configuration file when the PKCS9 gateway class 
iss. initially loaded. 

10. Tke method of claim 4, wherein the second 

5 object-oriented method determines a type of the attribute 
object b\ performing an instanceof comparison to 
registerecKattributes . 

11. The method of claim 4, wherein the attribute object 
10 is constructed Vising a constructor method in a class 

associated with V PKCS-compatible attribute. 

12. The method of claim 4 wherein, in response to 
determining an object^ identifier and a value associated 

15 with the object identifier and determining the object 
identifier is registered with the PKCS9 gateway class, 
the PKCS9 gateway class returns an instance of a 
registered attribute. 

20 13. The method of claim 4 wherein, in response to 
determining a DER-encoded byte sstream with an object 
identifier, the second object-oraSented method in the 
PKCS9 gateway class returns an instance of a 
PKCS-compatible attribute, 

25 

14. The method of claim 13 wherein, inVresponse to 
determining the object identifier from ohe DER-encoded 
byte stream is not registered with the PKfcS9 gateway 
class, an instance of an undefined attribute is returned 
30 with the value being a DER-encoded byte stream. 
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1 5 . The method of claim 13 wherein, in response to 
determining the object identifier from the DER-encoded 
byt\ stream is registered with the PKCS9 gateway class, 
an instance of an attribute with the object identifier is 

5 returned. 

16. The itfethod of claim 4, wherein a registered attribute 
object is encoded to a DER-encoded byte stream by using 
the first object-oriented method for encoding the 

10 attribute objsect. 

17. The method qf claim 4, wherein a registered attribute 
object represented as a DER-encoded byte stream is 
decoded to an attribute object by using the second 

15 object-oriented metnod for decoding the attribute object. 



18. The method of claii\4, wherein a second 
object-oriented method ii\ the PKCS9 gateway class 
extracts attribute values \Lnto forms, wherein the forms 
20 are strings, numbers, and/o\ other non-abstract data 
types 

A data processing system foV managing data 
attributes, the data processing system comprising: 
25 registering means for registering attributes with a 

PKCS9 gateway class, wherein the attributes include 
user-defined attributes and PKCS- standard (Public Key 
Cryptography Standards) defined attributes; 

storing means for associatively storing an 
30 identifier for each of said attributes 
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20. The data processing system of claim 19 further 
comprising : 

\ calling means for calling a first object-oriented 
5 method in the PKCS9 gateway class, wherein the first 

object-oriented method receives a parameter comprising an 
object rdentifier for an attribute. 

21. The da\a processing system of claim 20 further 
10 comprising: \ 

searching Vneans for searching an attribute mapping 
data structure losing the object identifier in the 
received parameter; 

retrieving mearis for retrieving, in response to a 
15 determination of a m&tching object identifier in the 
attribute mapping datav structure, a class identifier 
associatively stored wi\h the matching object identifier 
in the attribute mapping idat a structure; and 

calling means for calling a second object-oriented 
20 method in a class identif ied\by the retrieved class 
identifier. \ 

^¥2^ "a data processing system forWanaging Public Key 
Cryptography Standards (PRCS) compatible attributes, the 
25 data processing system comprising: \ 

first constructing means for constructing a new 
instance of an attribute object; \ 

first differentiating means for differentiating 
between attribute objects of different typies; 
30 converting means for converting an instance of an 

attribute object to and/or from DER-encoding\ 
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\ first extracting means for extracting values 
associated with an attribute object; 

extending means for extending a set of attributes 
with uset-defined types; and 
5 firsts registering means for registering an attribute 

class with k PKCS9 gateway class. 

23. The data processing system of claim 22, where a PKCS 
compatible attribute is a unique object identifier and 

10 value, as defined\by the Abstract Syntax Notation (ASN.l) 
for the X.500 Attribute type. 

24. The data processing system of claim 22 further 
comprising: \ 

15 an abstract attribute object class with an undefined 

attribute object subclassXand a defined attribute object 
subclass, wherein the defined attribute object subclass 
is further comprised of a subclass for each PKCS-defined 
attribute object and a subclass for each user-defined 

20 attribute object. \ 

25. The data processing system of claim 22 further 
comprising: \ 

second constructing means for constructing wherein a 
2 5 new instance of an attribute object uteing a class 
constructor. \ 

26. The data processing system of claim ^2 further 
comprising: \ 

30 third constructing means for construe tWj a new 

instance of a PKCS-compatible attribute objecyt is 
constructed using the PKCS 9 gateway class if an attribute 
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ofiriect identifier and a class implementing that attribute 
are\registered. 

27. The. data processing system of claim 22 further 
5 comprising: 

fourtn^ constructing means for constructing a new 
instance of PKCS-compatible attribute object using the 
PKCS9 gatewayXclass based on a DER-encoded byte stream. 

10 28. The data processing system of claim 22 further 
comprising: \ 

second differentiating means for differentiating a 
type for an attributes object determined by performing an 
instanceof comparisonVto registered attribute classes. 

15 \ 

29. The data processing^ system of claim 22 further 
comprising: \ 

encoding means for encoding an attribute object to a 
DER-encoded object by using W encode method of the 
20 attribute object. \ 

30. The data processing system \pf claim 22 further 
comprising: \ 

decoding means for decoding aia attribute object 
25 represented as a DER-encoded string\to an attribute 

object by using a decode method of the attribute object. 

31. The data processing system of claVi 22 further 
comprising: \ 

30 second extracting means for extract mg the PRCS 9 

gateway class returns attribute values, wherein the 
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values are represented as strings, numbers, and/or other 
non-\bstract data types. 

32. TheNdata processing system of claim 22 further 
5 comprising\ 

second Registering means for registering a 
PKCS-compatibrte attribute is registered with the PKCS9 
gateway class. \ 

10 33. The data processing system of claim 32 further 

comprising: \ 

third registering means for registering an attribute 

defined by the Public Key Glyptography Standards is 

registered with the PKCS9 gateway class. 
15 \ 

34. The data processing system of claim 32 further 

comprising: \ 

fourth registering means foA registering wherein 

user-defined attributes are registered with the PKCS9 
20 gateway class by reading a configuration file when the 

PKCS9 gateway class is initially loaded. 



^^o. A computer program product in a computer-readable 
medium for use in a data processing system\for managing 
25 data attributes, the computer program product comprising: 
first instructions for registering attributes with a 
PKCS9 gateway class, wherein the attributes include 
user-defined attributes and PKCS-standard (PublaSc Key 
Cryptography Standards) defined attributes; \ 
30 second instructions for associatively storing\an 

identifier for each of said attributes. \ 
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3v6 . The computer program product of claim 35 further 
comprising: 

\ instructions for calling a first object-oriented 
5 method, in the PRCS 9 gateway class, wherein the 

object-Wiented method receives a parameter comprising an 
object identifier for an attribute. 

37. The computer program product of claim 36 further 
10 comprising: \ 

instructions for searching an attribute mapping data 
structure using Vhe object identifier in the received 
parameter; \ 

instructions ror retrieving, in response to a 
15 determination of a matching object identifier in the 
attribute mapping datav structure, a class identifier 
associatively stored wiuh the matching object identifier 
in the attribute mapping i&ata structure; and 

instructions for callnSng a second object-oriented 
20 method in a class identif ieoyby the retrieved class 
identifier. \ 

A computer program product on a computer-readable 
medium for use in a data processing system for managing 
25 Public Key Cryptography Standards (PKCS) compatible 
attributes, the computer program procluct comprising: 

instructions for constructing a new instance of an 
attribute object; \ 

instructions for differentiating beoween attribute 
30 objects of different types; \ 

instructions for converting an instance, of an 
attribute object to and from DER-encoding; \ 
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\ instructions for extracting values associated with 
ari attribute object; and 

\ instructions for extending a set of attributes with 
user-defined types; and 
5 instructions for registering an attribute class with 

a PKCS9 Wteway class. 

39. The computer program product of claim 38, where a 
PRCS compatible attribute is a unique object identifier 

10 and value, as Refined by the Abstract Syntax Notation 
(ASN.l) for the\.500 Attribute type. 

40. The computer program product of claim 38, wherein 
an abstract attribute^ object class with an undefined 

15 attribute object subcPass and a defined attribute object 
subclass, wherein the defined attribute object subclass 
is further comprised of subclass for each PKCS-def ined 
attribute object and a subfclass for each user-defined 
attribute object. \ 

20 \ 

41. The computer program product of claim 38, wherein a 
new instance of a PKCS-compatibre attribute object is 
constructed using a class constructor. 

25 42. The computer program product oryclaim 38, wherein a 
new instance of a PKCS- compatible attribute object is 
constructed using the PKCS 9 gateway clcvss if an attribute 
object identifier and a class implementing that attribute 
is registered. \ 

30 \ 

43 . The computer program product of claim 3JS , wherein a 
new instance of a PKCS-compatible attribute obdect is 
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constructed using the PKCS9 gateway class based on a 
DER-encoded byte stream, 

44. ^he computer program product of claim 38, wherein a 
type fosjr an attribute object is determined by performing 
an mstal^ceof comparison to registered attribute classes. 

45. The ccfcnputer program product of claim 38, wherein an 
attribute obHect is encoded to a DER-encoded object by 

10 using an encode method of the attribute object. 

46. The computed program product of claim 38, wherein an 
attribute object Represented as a DER-encoded string is 
decoded to an attribute object by using a decode method 

15 of the attribute object. 

47. The computer program product of claim 38, wherein 
the PKCS9 gateway class returns attribute values, wherein 
the values are representeoy as strings, numbers, and/or 

2 0 other non-abstract data typ^s , 



25 



48. The computer program product of claim 38, wherein a 
PKCS-compatible attribute is registered with the PKCS9 
gateway class. 

49. The computer program product o^f claim 48, wherein an 
attribute defined by the Public Key (Sryptography 
Standards is registered with the PKCS9v gateway class. 
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50. The computer program product of claim 48, wherein 
user-defined attributes are registered witth the PKCS9 
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gateway clas^by reading a configuration file when the 
PKCS9 gateway class^i^initially loaded. 



